Sr. Staff Vulnerability & AI Security Engineer (Hybrid)

Archer is an aerospace company based in San Jose California building an all-electric vertical takeoff and landing aircraft with a mission to advance the benefits of sustainable air mobility. We are designing manufacturing and operating an all-electric aircraft that can carry four passengers while producing minimal noise.

Our sights are set high and our problems are hard and we believe that diversity in the workplace is what makes us smarter drives better insights and will ultimately lift us all to success. We are dedicated to cultivating an equitable and inclusive environment that embraces our differences and supports and celebrates all of our team members.

Sr. Staff Vulnerability & AI Security Engineer (Hybrid-San JoseCA)

Job Overview

We are seeking a Sr. Staff Vulnerability & AI Security Engineer to architect and lead Archers enterprise vulnerability management strategy while establishing technical secure guardrails for AI adoption. Reporting directly to the CISO you will serve as a technical principal and player-coach owning the end-to-end vulnerability lifecycle across cloud endpoints applications and identity.

This is a high-influence high-execution role. You will move between high-level strategy and deep-dive engineering partnering with teams to drive measurable risk reduction through automation rigorous prioritization and disciplined remediation. You will operationalize modern approaches such as attack surface management and AI-assisted detection while ensuring our security posture meets the high bar of aerospace compliance (NIST SP 800-171 CMMC ITAR).

Key Responsibilities

• Architect Enterprise Strategy: Design and own the end-to-end vulnerability management architecturefrom discovery and coverage to automated validation and executive reporting.

• Risk-Based Prioritization: Establish a sophisticated prioritization model that integrates asset criticality threat intelligence and exploitability to ensure engineering teams focus on the critical few over the noisy many.

• Technical AI Governance: Lead the technical implementation of AI security; design and deploy guardrails for GenAI usage detect Shadow AI and build technical controls to prevent IP leakage into public LLMs.

• Attack Surface Engineering: Partner with Cloud and Infrastructure teams to integrate CNAPP/CSPM findings and build automated workflows that reduce configuration-driven exposure in AWS/Azure.

• Shift-Left Leadership: Drive DevSecOps excellence by embedding SAST/DAST/SCA and secrets scanning into CI/CD pipelines preventing vulnerabilities from reaching production.

• Metrics & Storytelling: Define and operationalize technical KPIs (MTTR risk burn-down coverage) that translate raw technical data into business risk for executive leadership.

• Tactical Response: Lead high-severity vulnerability response efforts providing technical validation containment strategies and verification of remediation.

• Technical Mentorship: Act as a multiplier by setting engineering standards mentoring security analysts and leading cross-functional remediation initiatives through technical influence rather than just authority.

Required Qualifications

• 8 years of security engineering experience with a heavy focus on vulnerability management AppSec or cloud security.

• Staff-Level Influence: Proven track record of leading complex enterprise-wide security programs and driving technical change across diverse engineering organizations.

• Cloud Depth: Strong hands-on experience in AWS GCP or Azure specifically regarding identity secure configuration and automated telemetry.

• Tooling Mastery: Deep expertise in the modern security stack (SAST/DAST/SCA scanners and automated ticketing workflows).

• Regulatory Fluency: Practical understanding of how vulnerability evidence supports compliance in regulated environments (NIST SP 800-171 CMMC Level 2 ITAR).

• Communication: Exceptional ability to translate a complex CVE into a business risk narrative for non-technical stakeholders.

Preferred Qualifications

• AI Security Practitioner: Experience implementing technical enforcement (not just policy) for AI usage and data leakage prevention.

• Automation Specialist: Experience building automated triage and enrichment workflows to reduce security friction for developers.

• Aerospace/Defense Background: Prior experience in high-stakes auditable environments where checkbox security isnt an option.

What changed

• Shifted the Tone: Removed Head of language in favor of terms like Technical Principal Architect and High-influence individual contributor.

• Focused on The How: Instead of just managing a program the focus is now on designing and deploying the architecture of that program.

• Influence vs. Authority: Emphasized the ability to drive change through technical merit and cross-functional partnership which is the hallmark of a Staff-level engineer

Please note that this job description is intended to provide a general overview of the position and does not include an exhaustive list of responsibilities and qualifications

At Archer we aim to attract retain and motivate talent with the skills and leadership needed to grow our business. We drive a pay-for-performance culture and reward performance that supports the Companys strategy. For this position we are targeting a base pay range of $182500 - $240900. Actual compensation offered will be determined by job-related knowledge skills and experience.

Archer is proud to be an Equal Opportunity employer committed to diversity and inclusivity in the workplace. All aspects of employment are decided on the basis of merit qualifications and business needs. We do not discriminate based upon race color religion sex sexual orientation age national origin disability status protected veteran status gender identity or any other characteristic protected by federal state or local laws.

Archer is committed to working with and providing reasonable accommodations to job applicants with physical or mental disabilities and those with sincerely held religious beliefs. Applicants who may require reasonable accommodation for any part of the application or hiring process should provide their name and contact information to Archers People Team at. Reasonable accommodations will be determined on a case-by-case basis.

Information collected and processed as part of any job applications you choose to submit is subject to Archers Candidate Privacy Policy.

Archer is unable to provide work visa sponsorship for this position at the present time.

Archer is proud to be an Equal Opportunity employer committed to diversity and inclusivity in the workplace. All aspects of employment are decided on the basis of merit qualifications and business needs. We do not discriminate based upon race color religion sex sexual orientation age national origin disability status protected veteran status gender identity or any other characteristic protected by federal state or local laws.

Archer Aviation does not engage with external recruiting agencies/individual recruiters with whom it does not have a prior written agreement. Archer reserves the right to make use of any unsolicited resumes that it receives and bears no responsibility for payment of any fees asserted from the use of unsolicited resumes. If you are a recruiting agency or individual recruiter wishing to do business with Archer please reach out to. All employment processes are managed by the Archer People Team.